Microsoft reveals blockchain plans

Software King of the World Microsoft has been talking about its plans to use blockchain distributed-ledger technologies to store and manage digital identities securely.

Stage one involves an experiment using the Microsoft Authenticator app.

Microsoft reckons the technology holds promise as a superior alternative to people granting consent to dozens of apps and services and having their identity data spread across multiple providers.

It aims to fix the issue of people not having control over their identity data and being left exposed to data breaches and identity theft. Instead, people could store, control and access their identity in an encrypted digital hub.

Writing in its blog, Vole said that it had been incubating ideas for using blockchain and other distributed ledger technologies to create new types of decentralised digital identities.

It's also been working with members of the Decentralised Identity Foundation, which sums up its goal as creating "decentralised identities anchored by blockchain IDs, linked to zero-trust data stores that are universally discoverable".

The collaboration focuses on developing decentralised identities (DIDs), an encrypted identity datastore called an Identity Hub, a server named Universal DID Resolver that resolves DIDs across blockchains, and verifiable credentials.

Microsoft's Ankur Patel said that current identity systems were geared toward authentication and access management. In a decentralised system, trust is based on "attestations", or claims about parts of a person's identity that other entities endorse.

DIDs and ID Hubs could help developers tailor apps and services by providing access to a more precise set of attestations without having to process as much of a user's personally identifiable information.

Microsoft believes that blockchain technology and protocols are well suited for enabling DIDs, but they're also not perfectly designed for the scale of system Microsoft envisages.

"While some blockchain communities have increased on-chain transaction capacity (e.g., blocksize increases), this approach degrades the decentralised state of the network and cannot reach the millions of transactions per second the system would generate at world-scale.

"To overcome these technical barriers, we are collaborating on decentralised Layer 2 protocols that run atop these public blockchains to achieve global scale, while preserving the attributes of a world-class DID system."

Microsoft will soon add support for decentralised identities to its Authenticator app, enabling other apps to interact with user data through Microsoft's app.

"With consent, Microsoft Authenticator will be able to act as your User Agent to manage identity data and cryptographic keys. In this design, only the ID is rooted on the chain. Identity data is stored in an off-chain ID Hub (that Microsoft can't see) encrypted using these cryptographic keys", writes Patel.

"Once we have added this capability, apps and services will be able to interact with users' data using a standard messaging conduit by requesting granular consent. Initially, we will support a select group of DID implementations across blockchains, and we will likely add more in the future."